---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Cisco IronPort Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38525 VERIFY ADVISORY: http://secunia.com/advisories/38525/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IronPort, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system. 1) An error in the IronPort Encryption Appliance administration interface can be exploited to disclose arbitrary files via the included HTTPS server. 2) An error in the IronPort Encryption Appliance WebSafe servlet can be exploited to disclose arbitrary files. 3) An unspecified error in the IronPort Encryption Appliance HTTPS server can be exploited to execute arbitrary code. The vulnerabilities are reported in the following products and versions: * Cisco IronPort Encryption Appliance 6.5 versions prior to 6.5.2 * Cisco IronPort Encryption Appliance 6.2 versions prior to 6.2.9.1 * Cisco IronPort PostX MAP versions prior to 6.2.9.1 SOLUTION: The vendor has released patches, which can be obtained by contacting Cisco IronPort technical support: http://www.ironport.com/support/contact_support.html PROVIDED AND/OR DISCOVERED BY: The vendor credits Jesse Michael and Alexander Senkevitch. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20100210-ironport.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------